This update for samba fixes the following issues:
Security issue fixed:
- CVE-2019-3880: Fixed a path/symlink traversal vulnerability, which
allowed an unprivileged user to save registry files outside a share
(bsc#1131060).
ldb was updated to version 1.2.4 (bsc#1125410 bsc#1131686):
- Out of bound read in ldb_wildcard_compare
- Hold at most 10 outstanding paged result cookies
- Put "results_store" into a doubly linked list
- Refuse to build Samba against a newer minor version of ldb
Non-security issues fixed:
- Fixed update-apparmor-samba-profile script after apparmor switched to
using named profiles (bsc#1126377).
- Abide to the load_printers parameter in smb.conf (bsc#1124223).
This update was imported from SUSE:SLE-15:Update project.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.0:
zypper in -t patch openSUSE-2019-1180=1
- openSUSE Leap 15.0 (i586 x86_64):
ctdb-4.7.11+git.153.b36ceaf2235-lp150.3.14.1
ctdb-debuginfo-4.7.11+git.153.b36ceaf2235-lp150.3.14.1
ctdb-pcp-pmda-4.7.11+git.153.b36ceaf2235-lp150.3.14.1
ctdb-pcp-pmda-debuginfo-4.7.11+git.153.b36ceaf2235-lp150.3.14.1
ctdb-tests-4.7.11+git.153.b36ceaf2235-lp150.3.14.1
ctdb-tests-debuginfo-4.7.11+git.153.b36ceaf2235-lp150.3.14.1
ldb-debugsource-1.2.4-lp150.10.1
ldb-tools-1.2.4-lp150.10.1
ldb-tools-debuginfo-1.2.4-lp150.10.1
libdcerpc-binding0-4.7.11+git.153.b36ceaf2235-lp150.3.14.1
libdcerpc-binding0-debuginfo-4.7.11+git.153.b36ceaf2235-lp150.3.14.1
libdcerpc-devel-4.7.11+git.153.b36ceaf2235-lp150.3.14.1
libdcerpc-samr-devel-4.7.11+git.153.b36ceaf2235-lp150.3.14.1
libdcerpc-samr0-4.7.11+git.153.b36ceaf2235-lp150.3.14.1
libdcerpc-samr0-debuginfo-4.7.11+git.153.b36ceaf2235-lp150.3.14.1
libdcerpc0-4.7.11+git.153.b36ceaf2235-lp150.3.14.1
libdcerpc0-debuginfo-4.7.11+git.153.b36ceaf2235-lp150.3.14.1
libldb-devel-1.2.4-lp150.10.1
libldb1-1.2.4-lp150.10.1
libldb1-debuginfo-1.2.4...
Read the Full Advisoryhttps://www.suse.com/security/cve/CVE-2019-3880.html
https://bugzilla.suse.com/1114407
https://bugzilla.suse.com/1124223
https://bugzilla.suse.com/1125410
https://bugzilla.suse.com/1126377
https://bugzilla.suse.com/1131060
https://bugzilla.suse.com/1131686
--
Get the latest Linux and open source security news straight to your inbox.